How should exceptions that use temporary tokens be managed?

Study for the User Account Management Test.

Multiple Choice

How should exceptions that use temporary tokens be managed?

Explanation:

Temporary tokens used for exceptions should be time-bound and have expiration enforced. Enforcing expiration creates a limited window of access, which reduces the risk if a token is leaked or misused and supports simpler, automatic revocation without relying on someone to manually revoke the token. In practice, issue tokens with a short, defined lifetime and require a controlled process for any renewal, so access ends promptly when the task is done or when conditions change.

Why this fits best: it ensures tokens cannot be used indefinitely and aligns with least-privilege principles. Tokens that never expire rely on manual revocation and can linger, which is risky. Having no expiration ever defeats the purpose of temporary access, and a fixed 24-hour expiry, while it is an expiration, is an arbitrary policy that may not suit all scenarios. Enforcing expiration, in general, provides a robust, scalable approach to managing temporary exceptions.
